From RSA 2006: ‘Tis the year to cut down vulnerabilities

Qualys has set a worthy goal for security companies to chase throughout 2006: cutting the half-lives of vulnerabilities by one-fifth.

Speaking at the 2006 RSA Conference in San Jose on Wednesday, Terry Ramos presented his company's "Laws of Vulnerabilities," pointing out that malicious software continues to increase.

"Malicious code continues to grow," he said, repeating the study's general findings. "New vulnerabilities are announced every week."

Seventy percent of the data for the survey was compiled from global enterprise networks, while 30 percent was taken from random trials, Ramos said. It was based on the results of 32 million network scans from the third quarter of 2002 to the same time in 2005.

Flaws are quickly taken advantage of by malicious users, Ramos added.

"Within days, there are exploits available for 80 percent of vulnerabilities. So, it is a race," he said. "Ninety percent of vulnerability exposures are caused by just 10 percent of critical vulnerabilities."

Time is also of the essence in battling planned attacks, Ramos added.

"Automated attacks create the most damage in their first 15 days," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.